Security solutions vendor Mocana has taken somewhat of a sidestep from its focus as a provider of embedded device and mobile security solutions, and has released what it calls a highly secure drop-in replacement for the widely adopted OpenSSL stack for Apache Web servers.
Dubbed NorthStar, the solution was developed from the ground up using modern programming practices and tools by security experts to ensure high code quality, Mocana said.
NorthStar includes all the necessary connecting “glue” needed to provide a simple, drop-in replacement for OpenSSL, the default cryptographic library provided for Apache web servers, Mocana added.
OpenSSL has proven to be highly vulnerable, as evidenced by the recent Heartbleed vulnerability discovered earlier this year, a flaw that still plagues many enterprises around the globe. In fact, according to a recent report from Venafi, just 3 percent of external-facing servers in the world’s largest companies have been fully protected from the Heartbleed vulnerability.
“Complexity is the enemy of security, and with 457,000 lines of code that need patching seemingly every week, OpenSSL has kept many IT managers awake at night, waiting to react to the next announced vulnerability. The code for the TLS stack in NorthStar is only a fraction of that size, and has been comprehensively tested,” said James Blaisdell, CTO at Mocana. “The open source community has made numerous useful and popular contributions to the software industry, including the Apache server itself. But, it is clear that in the case of OpenSSL, this route has failed to keep up with industry and compliance requirements.”
San Francisco, Calif.-based Mocana also offers its NanoSSL solution for developers to provide secured data transport in embedded devices such as switches, routers, access points and modems, as well as medical equipment, industrial sensors, smart grid devices, camcorders and other devices that comprise the Internet of Things.
Available immediately for all major Linux platforms, pricing for NorthStar begins with a low volume subscription at $350 per server annually, with volume price discounts available. The company also is offering an option for an unlimited deployment for a three-year term. Licensed customers receive source code and precompiled binaries with per-server perpetual or subscription licensing.
Related: Organizations Slow at Patching Heartbleed in VMware Deployments
Related: Heartbleed Vulnerability Still Beating Strong
Related: Recovering from Heartbleed: The Hard Work Lies Ahead